The present invention relates generally to the field of telephony and, more particularly, to a method of validating a passcode or personal identification number (PIN) during telephone call processing.
Modern telephone networks provide numerous services to their customers. Examples of such services are caller ID and voice mail. In the context of many of these services, it is often desirable to control access to the service by means of a personal identification number (PIN) or xe2x80x9cpasscode.xe2x80x9d For example, a voice mail service may require entry of a passcode before permitting a subscriber of the service to retrieve voice messages or change a greeting. Another example is a xe2x80x9cprivacy managerxe2x80x9d service (as described in U.S. patent application Ser. No. 09/372,676, entitled xe2x80x9cSystem and Method for Privacy Management,xe2x80x9d incorporated herein by reference), wherein a subscriber""s line is configured to prompt the caller to xe2x80x9cunblockxe2x80x9d a caller-ID-blocked number prior to terminating the call to the subscriber""s line. In the case where the subscriber is calling his own line from a remote location, he or she may enter a passcode in order to xe2x80x9coverridexe2x80x9d the privacy manager service, thereby allowing the call to be terminated to his or her line without recording his or her name or unblocking the calling number. Such scenarios are examples of passcode-controlled services.
Typically, when a customer of a telephone network has subscribed to a passcode-controlled service, the provider of the telephone network maintains a database that correlates customers with their passcodes. Thus, whenever a component of the network needs to validate a passcode that the customer has entered, such component queries the database in order to obtain the customer""s passcode and then compares the entered passcode with the passcode in the database.
However, in a telephone network with distributed components, storage of passcodes in a database leads to the transmission of large amounts of data. Typically, the database is stored centrally, which means that every component that needs to validate a passcode must query the database over a data network at the time of validation. In this typical case, there must be a network with sufficient bandwidth to handle the resulting data traffic. Alternatively, each component that needs to validate passcodes may have a copy of the database. Such an architecture, however, presents the drawback that it requires large amounts of data storage space to store multiple copies of the database on each network component, and also requires that up-to-date copies of the database be transmitted frequently to the various components. These frequent transmission also require a network with sufficient bandwidth.
In view of the foregoing, it is clear that there is a need for a passcode-validation technique that overcomes the drawbacks of the prior art.
The present invention provides a passcode-validation technique that greatly reduces the need for data transmission and storage. The present invention allows passcodes to be validated without performing remote database queries at the time of validation, and without requiring numerous copies of large databases to be stored locally at points throughout the telephone network.
In accordance with the present invention, a hash function is defined. The hash function receives a telephone number as input and produces a passcode as output, where the passcode is based on the telephone number. The passcode produced by the hash function may, for example, be a four-digit number from 0000-9999. At the time that a customer of the telephone network subscribes to a passcode-controlled service, the customer""s telephone number is hashed using the defined hash function. The output of the hash function is provided to the customer and becomes the customer""s passcode. The defined hash function is then provided to every component of the telephone network that may need to validate the customer""s passcode. When those components are called upon to validate the customer""s passcode, they hash the customer""s telephone number using the defined hash function. In most passcode-controlled transactions, the customer""s telephone number is either the called party number (when the customer is calling his own number from a remote location) or the calling party number (when the customer is calling from his own line), and thus the customer""s number is generally available to such components as part of the normal call-processing protocol. Thus, upon hashing the customer""s telephone number, the passcode that is entered by the customer is compared against the hash of the customer""s telephone number. If the two values match, then the customer is allowed access to a passcode-controlled service.
The invention may be deployed within an Advanced Intelligent Network (AIN), wherein passcode-controlled services are provided by service nodes (SN). In such a case, the hash function is provided to each SN that provides a passcode-controlled service.
In accordance with one aspect of the invention, support is provided for changes to a customer""s passcode. An exception list is created which maintains an entry for each customer whose passcode has changed from the hash value. The customer""s new passcode is maintained in the exception list indexed by the hash value. Thus, when a component needs to validate a passcode, it first hashes the customer""s telephone number and checks whether the hash value is in the exception list. If there is such a hash value, then the passcode in the exception list is used for comparison with the passcode that is entered during call processing. If there is no such entry in the exception list, then the customer""s passcode has not been changed from the original hash value, so the passcode entered during call processing may be compared with the hash value in order to perform the validation.
Other features of the invention are described below.